A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.
Metrics
Affected Vendors & Products
References
History
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-840 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Business Logic Errors in GitLab | Incorrect User Management in GitLab |
Weaknesses | CWE-286 |
Wed, 18 Sep 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:* | |
Metrics |
ssvc
|
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-09-29T06:02:21.304Z
Updated: 2024-10-03T06:23:12.878Z
Reserved: 2023-07-25T10:30:31.597Z
Link: CVE-2023-3914
Vulnrichment
Updated: 2024-08-02T07:08:50.677Z
NVD
Status : Modified
Published: 2023-09-29T07:15:13.380
Modified: 2024-10-03T07:15:14.560
Link: CVE-2023-3914
Redhat
No data.